CVE-2012-3446
MEDIUMApache Libcloud < 0.11.1 - Improper Certificate Validation
Title source: llmDescription
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
References (2)
Core 2
Core References
Release Notes x_refsource_confirm
https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES
Exploit x_refsource_misc
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Scores
CVSS v3
5.9
EPSS
0.0121
EPSS Percentile
64.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (2)
apache/libcloud
< 0.11.0
pypi/apache-libcloud
0 - 0.11.1PyPI
Published
Nov 04, 2012
Tracked Since
Feb 18, 2026